Report - www.carifred.com/uvk/UVK.zip

Report Overview

Submitted URL
www.carifred.com/uvk/UVK.zip
IP
74.208.128.80
ASN
#8560 IONOS SE
Submitted
2024-03-28 20:01:24
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
17

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.carifred.com	unknown	2009-12-04	2012-05-21	2024-03-28	482 B	10 MB	74.208.128.80

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.carifred.com/uvk/UVK.zip
IP
74.208.128.80
ASN
#8560 IONOS SE

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
10 MB (10022746 bytes)
Hash
8964130588f570ca07aef339d94d2c71
e86702816b60f4523ba2726a32ef90f1bf27a80a
faef6a7cf16a0b75182fb2baa6af442618c48c9e43628e822b1b8ee18028a365

Archive (28)

Filename

Md5

File type

BlueScreenView.chm

d130e5001531448871bb8ef10c106b25

MS Windows HtmlHelp Data

BlueScreenView.exe

6126f1221d29712c069ee28ef4186e24

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

readme.txt

acecb7d7af592da7a843ef44b4500818

ASCII text, with CRLF line terminators

cleanup.exe

43bee82c5be9ff1f315f7e04e0c2913a

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

cleanup.ini

1d1e8db5611cb01984b24381978371c1

ASCII text, with CRLF line terminators

msicuu.exe

06109701320fb25f00e004110676a6f2

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

msicuu_readme.txt

31f061b4053a587c987096ed824eff76

ASCII text, with very long lines (542), with CRLF line terminators

MsiZap.exe

27d4bcc325306b1415a89de550528e04

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

msizapw.exe

27d4bcc325306b1415a89de550528e04

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

readme.txt

cf28fd8623c794542149d7e730e34106

Non-ISO extended-ASCII text, with CRLF line terminators

sigcheck.exe

d49706ab3d9e1a1fe1e0b72d7d0e8559

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

unicows.dll

e1102cedf0c818984c2aca2a666d4c5f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

7za.exe

42badc1d2f03a8b1e4875740d3d49336

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

AutoItRun.exe

0f0a43c382616c17b659044ea13455dd

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

AutoItRun64.exe

4cc9033d969fef277c6f2a736a90f804

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Log analyzer.exe

7c772b8fec193cf85bf0f697b41a22df

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

2Browse.exe

50fdc6d331e1b54d1adfab165aa1dde6

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RebootExec.exe

a723a716dd25cf4fded4f5c5f60f3eef

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RebootExecx64.exe

ebca7756c615cfbdddb41234f3521245

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

WAU Manager.exe

452468d677721a6b3f3a61c7e6f25532

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ClearDiskInfo.exe

d408090bf1b1ce3977d3b674451a5b37

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

DiskCopy.bat

6ed823b277da7b047f6beda22aa0616b

DOS batch file, ASCII text, with CRLF line terminators

DiskCopy.exe

07fc499d32e623dfa38a0049b821653e

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

uvkres.dll

c1e51820b6059ac7b46326152b2c1717

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

UVK_en.exe

8789d739757837996cd03dc6fec1e32f

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

UVK_en64.exe

2164fd7289c4b4e43b73433272157f09

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

PortableZip.ini

d41d8cd98f00b204e9800998ecf8427e

License.htm

94c8cd4e199f72946aef86fca55a06a6

HTML document, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.carifred.com/uvk/UVK.zip	74.208.128.80	200 OK	10 MB
URL User Request GET HTTP/2 www.carifred.com/uvk/UVK.zip IP 74.208.128.80:443 ASN #8560 IONOS SE Certificate IssuerDigiCert Inc Subject.carifred.com Fingerprint48:7F:14:29:70:39:B6:B2:55:4B:C6:14:83:F0:7F:ED:04:89:B5:05 ValidityFri, 13 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 10 MB (10022746 bytes) Hash 8964130588f570ca07aef339d94d2c71 e86702816b60f4523ba2726a32ef90f1bf27a80a faef6a7cf16a0b75182fb2baa6af442618c48c9e43628e822b1b8ee18028a365 HTTP Headers `GET /uvk/UVK.zip HTTP/1.1 Host: www.carifred.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Thu, 28 Mar 2024 20:00:53 GMT content-type: application/zip content-length: 10022746 last-modified: Thu, 28 Mar 2024 19:11:04 GMT etag: "98ef5a-614bd48e0b43e" accept-ranges: bytes x-powered-by: PleskLin X-Firefox-Spdy: h2`

www.carifred.com/uvk/UVK.zip

74.208.128.80

200 OK

10 MB

URL User Request GET HTTP/2
www.carifred.com/uvk/UVK.zip
IP
74.208.128.80:443
ASN
#8560 IONOS SE

Certificate
IssuerDigiCert Inc
Subject*.carifred.com
Fingerprint48:7F:14:29:70:39:B6:B2:55:4B:C6:14:83:F0:7F:ED:04:89:B5:05
ValidityFri, 13 Oct 2023 00:00:00 GMT - Sat, 12 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
10 MB (10022746 bytes)
Hash
8964130588f570ca07aef339d94d2c71
e86702816b60f4523ba2726a32ef90f1bf27a80a
faef6a7cf16a0b75182fb2baa6af442618c48c9e43628e822b1b8ee18028a365

HTTP Headers

GET /uvk/UVK.zip HTTP/1.1
Host: www.carifred.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 28 Mar 2024 20:00:53 GMT
content-type: application/zip
content-length: 10022746
last-modified: Thu, 28 Mar 2024 19:11:04 GMT
etag: "98ef5a-614bd48e0b43e"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (28)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers